Hey Chris: Just wondering about this...what kind of filter would you recommend passing over the HTTP_REFERER in order to verify it's (reasonably) kosher?
Cheers,
Marc
http://www.suzerain.com

On 25 Oct 06, at 13:59, csnyder wrote:

> On 10/25/06, Néstor <[EMAIL PROTECTED]> wrote:
>
>> I can tell you that this is not user input but I was printing
>> variable to try to debug the problem.
>
> HTTP_REFERER is considered user input, because it is built from HTTP
> headers. Just make sure you implicitly trust anybody who is able to
> execute the script. One could send a referrer that looks like
> "file:///etc/passwd" or something.
>
> There's no reason that $lines = file( $from ) wouldn't work, provided
> $from is actually set. So either this is a PHP bug, which is
> _extremely_ unlikely, or you have a typo somewhere in your code. Are
> you sure you didn't set $form? Are you sure that the referrer is being
> sent? Are you checking for an error raised by the file() call?
>
> --
> Chris Snyder
> http://chxo.com/
> _______________________________________________
> New York PHP Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
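
An added example, not part of the original thread: one way to filter HTTP_REFERER before it reaches a call such as file(), which is what the question above asks about. The function name `safe_referer`, the `ALLOWED_HOSTS` list and the sample inputs are assumptions made for illustration.

```php
<?php
// Assumed allowlist: the only hosts this script should ever fetch from.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

/**
 * Return a rebuilt http(s) URL when $referer names an allowed host,
 * or null when it must not be passed to file().
 */
function safe_referer(?string $referer): ?string
{
    if ($referer === null || $referer === '' || strlen($referer) > 2048) {
        return null;                       // header missing or absurdly long
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $referer)) {
        return null;                       // control characters, NUL bytes
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;                       // e.g. file:///etc/passwd has no host
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;                       // rejects file, php, data, ftp wrappers
    }
    if (isset($parts['user']) || isset($parts['pass']) || isset($parts['port'])) {
        return null;                       // http://allowed-host@other-host/ trick
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    // Rebuild from the parsed parts instead of reusing the raw header.
    $query = isset($parts['query']) ? '?' . $parts['query'] : '';
    return $scheme . '://' . $host . ($parts['path'] ?? '/') . $query;
}

// Constructed sample headers; in the script the input would be
// $_SERVER['HTTP_REFERER'] ?? null.
$samples = [
    'http://www.example.com/page.php?id=3',
    'file:///etc/passwd',
    'http://www.example.com@other.test/',
    'php://filter/resource=index.php',
    null,
];
foreach ($samples as $s) {
    $from = safe_referer($s);
    echo var_export($s, true), ' => ', var_export($from, true), "\n";
}
```

Only the first sample comes back as a URL; the rest return null, so the caller can skip the file() call and report the missing or rejected referrer.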
